
Ok, the first thing you're going to want to do is get the correct tools to do the job correctly. To find the tools go here <http://www.geocities.com/cafenekilla>, then go to my hacking 101 section; they are listed under tools.

The first logical step obviously is determining whether the target computer is alive. You can do this with network ping sweeps (basically sweeping a block of IPs to see if any computers are on the other end). Normally all this does is send an ICMP ECHO (type 8) ping to a target system in hopes of getting the response ICMP ECHO_REPLY (type 0), thus telling you it's alive.

Ping sweeps:

There are a lot of tools that you can use to do this with; I will try to cover a few (if you're using Unix/Linux use fping, which works much faster than ping). The main utility I use for this that works on both Linux and Windows is NMAP, which can be found here: <http://www.insecure.org/nmap>. Using the -sP option in NMAP you can do a ping sweep like this:

Host (185.154.33.0) Appears to be a subnet broadcast (returned 2 extra pings)
Host (185.154.33.1 ) Appears to be up
Host (185.154.33.4 ) Appears to be up
Host (185.154.33.8 ) Appears to be up
Host (185.154.33.11) Appears to be up
Host (185.154.33.12) Appears to be up
Host (185.154.33.14) Appears to be up
Host (185.154.33.15) Appears to be up
Host (185.154.33.17) Appears to be up
Host (185.154.33:18) Appears to be up
Host (185.154.33.20) Appears to be up

If nmap's ported Windows version isn't working great for you, try this freeware pinger from Rhino9 called pinger v1.0, which can be found here <http://www.nmrc.org/>. It is one of the fastest pingers that I've ever used and I highly recommend it to Windows users. It's fast because it sends out multiple ICMP packets in parallel, then waits for responses. Other good ping sweepers include WS_Ping, which can be downloaded here <http://www.ipswitch.com/>, and NetScanTools from here <http://www.nwpsw.com/>.

When ICMP traffic is blocked, possibly by a firewall/router, you can try a little port scanning (basically scanning one IP for a range of open ports).

NMAP will scan an IP for open ports with the use of the -sP command and a port number (TCP ping scan). Port 80 (the www port) works a lot of the time; routers usually let you through. Output from nmap would look something like this:

Host (185.154.33.0) Appears to be a subnet broadcast (returned 2 extra pings)
Host (185.154.33.1 ) Appears to be up
Host (185.154.33.4 ) Appears to be up
Host shadow (185.154.33.8 ) Appears to be up
Host (185.154.33.11) Appears to be up
Host (185.154.33.12) Appears to be up
Host (185.154.33.14) Appears to be up
Host (185.154.33.15) Appears to be up
Host (185.154.33.17) Appears to be up
Host (185.154.33:18) Appears to be up
Host (185.154.33.20) Appears to be up

This method can be quite effective. You should try this with different ports as well.

Prevention: to prevent people from performing the aforementioned techniques, the main ways of doing this include network-based IDS programs like Snort from <http://www.snort.org/>. There's a cool Windows-based utility to detect host-based pings called Genius, which is now at version 3.1 and located at <http://www.indiesoft.com/> (Genius doesn't detect ICMP ECHO, just TCP pings).

_________________________________________________________________

Port Scanning

Port scanning is just a systematic approach to finding what ports are listening or running services on a target machine. This is done by connecting to TCP and UDP ports and waiting for a reply. One should be able to derive the following info on a computer after running a successful scan: the TCP and UDP services running, the applications and versions associated with the different services, and of course the OS the target is running.

Types of scans

1. TCP connect scan -- This scan just connects and completes the three-way handshake.

2. TCP SYN scan -- Only a SYN packet is sent. If a SYN/ACK packet is received, usually the port is listening. If an RST/ACK packet is received, it usually indicates the target is not listening.

3. TCP FIN scan -- Sends a FIN packet to the target; the target should send back an RST for all closed ports (usually only works on Unix stacks).

4. TCP Xmas tree scan -- Sends a FIN, URG, and PUSH packet to the target port. The system should send back an RST for all closed ports.

5. TCP null scan -- This will turn off all flags; again the system should send back an RST for all closed ports.
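On the prevention side, the post's description of ICMP ECHO (type 8) sweeps and of the SYN/FIN/Xmas/null flag patterns is enough to write a simple detector. The following is an added example, not code from the post or from any of the tools it links; it runs over a constructed packet log in a hypothetical one-line-per-packet format (time, src, dst, proto, key=value details) and flags one source hitting many hosts with echo requests, or many ports on one host with the same flag set.

```python
import re
from collections import defaultdict

# Constructed sample log (hypothetical format, not real traffic):
# an ICMP echo sweep from 10.0.0.5, an Xmas scan from 10.0.0.7,
# and a single TCP ping to port 80 from 10.0.0.9.
SAMPLE_LOG = """\
10:00:01 10.0.0.5 192.0.2.1 icmp type=8
10:00:01 10.0.0.5 192.0.2.2 icmp type=8
10:00:01 10.0.0.5 192.0.2.3 icmp type=8
10:00:02 10.0.0.5 192.0.2.4 icmp type=8
10:00:02 10.0.0.5 192.0.2.5 icmp type=8
10:00:03 10.0.0.5 192.0.2.6 icmp type=8
10:00:09 10.0.0.7 192.0.2.8 tcp dport=21 flags=FPU
10:00:09 10.0.0.7 192.0.2.8 tcp dport=22 flags=FPU
10:00:09 10.0.0.7 192.0.2.8 tcp dport=23 flags=FPU
10:00:09 10.0.0.7 192.0.2.8 tcp dport=25 flags=FPU
10:00:10 10.0.0.7 192.0.2.8 tcp dport=80 flags=FPU
10:00:10 10.0.0.7 192.0.2.8 tcp dport=110 flags=FPU
10:00:30 10.0.0.9 192.0.2.8 tcp dport=80 flags=S
"""

# TCP flag set (sorted letters) -> scan type named in the post.
SCAN_TYPES = {"S": "syn", "F": "fin", "FPU": "xmas", "": "null"}

LINE = re.compile(r"^(\S+) (\S+) (\S+) (icmp|tcp) ?(.*)$")

def parse(log):
    """Yield (ts, src, dst, proto, details) for each well-formed line."""
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, src, dst, proto, rest = m.groups()
        details = dict(item.split("=", 1) for item in rest.split())
        yield ts, src, dst, proto, details

def detect(log, threshold=5):
    """Return (alert, source, count) tuples for sweeps and scans."""
    sweeps = defaultdict(set)   # src -> hosts sent an ICMP echo request
    scans = defaultdict(set)    # (src, dst, flags) -> distinct TCP ports probed
    for _ts, src, dst, proto, d in parse(log):
        if proto == "icmp" and d.get("type") == "8":
            sweeps[src].add(dst)
        elif proto == "tcp" and "dport" in d:
            flags = "".join(sorted(d.get("flags", "")))
            scans[(src, dst, flags)].add(d["dport"])
    alerts = [("ping_sweep", s, len(h)) for s, h in sweeps.items() if len(h) >= threshold]
    for (src, _dst, flags), ports in scans.items():
        if len(ports) >= threshold:
            alerts.append((SCAN_TYPES.get(flags, "other") + "_scan", src, len(ports)))
    return alerts
```

The lone SYN to port 80 from 10.0.0.9 stays below the threshold, which is exactly why a single TCP ping to a permitted port (as the post describes) is hard to tell from ordinary web traffic without extra context.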

Secondly, the types of scans are just that. They are factual information that I have written up from reading numerous tutorials and books on the subject, and did not come from any of those sites. I was simply stating the types of different scans, which any tutorial about scanners is going to have about the same info; my wording came directly from my head. None of those lists are the same as the one I gave; they all have similar points to them because they all describe scanning (like I had to state that). I think that your time would be better spent giving me some constructive criticism, other than this fodder that you're feeding me about my list being similar. Of course it's similar.

I understand that a lot of people are in the habit of copying other people's work and pasting their handle at the top, but the least you can do is investigate it, and if it turns out to be plagiarized then you can complain. Until then keep it to yourself.

This was not meant as a flame, but next time don't be so quick to judge.

The original tutorial, along with others I have written, is on my webpage; this tutorial is available with pictures on my page.